Database of Long-Lived Symmetric Cryptographic Keys
draft-ietf-karp-crypto-key-table-07

The information below is for an old version of the document
Document Type: Active Internet-Draft (karp WG)
Last updated: 2013-07-03 (latest revision 2013-03-12)
Replaces: draft-housley-saag-crypto-key-table
Stream: IETF
Intended RFC status: Proposed Standard
Formats: plain text, pdf, html
Stream WG state: Submitted to IESG for Publication (Doc Shepherd Follow-up Underway)
Consensus: Yes
Document shepherd: Brian Weis
Shepherd write-up: last changed 2013-03-27
IESG state: Waiting for AD Go-Ahead::Revised I-D Needed
Telechat date: (none scheduled)
Responsible AD: Stewart Bryant
Send notices to: karp-chairs@tools.ietf.org, draft-ietf-karp-crypto-key-table@tools.ietf.org
IANA review state: IANA OK - Actions Needed
IANA action state: None
INTERNET-DRAFT                                               R. Housley
Internet Engineering Task Force (IETF)                   Vigil Security
Intended Status: Standards Track                                T. Polk
                                                                   NIST
                                                             S. Hartman
                                                      Painless Security
                                                               D. Zhang
                                                                 Huawei
Expires: 12 September 2013                                12 March 2013

          Database of Long-Lived Symmetric Cryptographic Keys
               <draft-ietf-karp-crypto-key-table-07.txt>

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Housley, et al                                                  [Page 1]
INTERNET-DRAFT                                            March 12, 2013

Abstract

   This document specifies the information contained in a conceptual
   database of long-lived cryptographic keys used by many different
   security protocols.  The database is designed to support both manual
   and automated key management.  In addition to describing the schema
   for the database, this document describes the operations that can be
   performed on the database as well as the requirements for the
   security protocols that wish to use the database.  In many typical
   scenarios, the security protocols do not directly use the long-lived
   key, but rather a key derivation function is used to derive a short-
   lived key from a long-lived key.

1. Introduction

   This document specifies the information that needs to be included in
   a database of long-lived cryptographic keys in order to key the
   authentication of security protocols such as cryptographic
   authentication for routing protocols.  This conceptual database is
   designed to separate protocol-specific aspects from both manual and
   automated key management.  The intent is to allow many different
   implementation approaches to the specified cryptographic key
   database, while simplifying specification and heterogeneous
   deployments.  This conceptual database avoids the need to build
   knowledge of any security protocol into key management protocols. It
   minimizes protocol-specific knowledge in operational/management
   interfaces, but it constrains where that knowledge can appear.
   Textual conventions are provided for the representation of keys and
   other identifiers. These conventions should be used when presenting
   keys and identifiers to operational/management interfaces or reading
   keys/identifiers from these interfaces. It is an operational
   requirement that all implementations represent the keys and key
   identifiers in the same way so that cross-vendor configuration
   instructions can be provided.
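   As an added illustration (not code from the draft or any implementation of it), a toy version of the conceptual database: entries carrying a validity window, selection of the key currently usable for a given protocol and peer, and derivation of a per-connection short-lived key so the long-lived key itself is never used on the wire. The entry fields, the lowercase-hex textual convention for keys and the choice of HKDF (RFC 5869) as the derivation function are assumptions made for this example only.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed sample entry type. The field set is an assumption for this
# illustration, not the schema the draft defines.
@dataclass(frozen=True)
class KeyEntry:
    key_name: str      # identifier shared with the peer
    protocol: str      # security protocol the key is provisioned for
    peer: str          # peer this key may be used with
    key_hex: str       # long-lived key; assumed textual convention: lowercase hex
    valid_from: int    # start of validity window (seconds since epoch)
    valid_until: int   # end of validity window (exclusive)

def select_key(table, protocol, peer, now):
    """Return the entry usable for (protocol, peer) at time `now`, or None.

    When several entries overlap (a key roll-over), take the one whose window
    started most recently so the new key takes over from the old one."""
    candidates = [e for e in table
                  if e.protocol == protocol and e.peer == peer
                  and e.valid_from <= now < e.valid_until]
    if not candidates:
        return None
    return max(candidates, key=lambda e: e.valid_from)

def derive_short_lived_key(entry, context, length=32):
    """HKDF-SHA256 (extract then expand, empty salt) over the long-lived key.

    `context` carries the protocol's per-connection state (addresses, ports,
    ...) so every connection gets its own key from the same table entry."""
    ikm = bytes.fromhex(entry.key_hex)
    prk = hmac.new(b"", ikm, hashlib.sha256).digest()            # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                      # expand
        block = hmac.new(prk, block + context + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Constructed sample table: an old key and its replacement for one peer.
TABLE = [
    KeyEntry("key1", "TCP-AO", "192.0.2.1", "00" * 16, 1000, 2000),
    KeyEntry("key2", "TCP-AO", "192.0.2.1", "11" * 16, 1500, 3000),
]
```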

   Security protocols such as TCP-AO [RFC5925] are expected to use per-
   connection state.  Implementations may need to supply keys to the
   protocol-specific databases as the associated entries in the
   conceptual database are manipulated. In many instances, the long-
   lived keys are not used directly in security protocols, but rather a
   key derivation function is used to derive a short-lived key from the
   long-lived keys in the database.  In other instances, security